Chinese Trojan discovered in Android games

An Android-based Trojan called "Geinimi" has been discovered in the wild, mobile security company Lookout now warns. The Trojan is capable of sending personal information to remote servers and exhibits botnet-like behavior, the security company says.

Geinimi originated in China, and is being distributed inside applications and games downloadable from third-party Android app stores. Once the application is launched on the user's smartphone, the Trojan collects location data, the device's IMEI and IMSI numbers, and a list of all the apps the user has installed on the device. It then attempts to contact a remote server every five minutes to send this information.
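The five-minute contact attempts described above leave a regular pattern in outbound connection records. The following is an added example, not code from Lookout or from this article: it flags an app that reaches the same host at roughly 300-second intervals. The log format, package names, host names, tolerance and hit threshold are all constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample: "epoch_seconds app_package remote_host" per outbound connection.
# The game misses one attempt (around t=1900), as a sleeping device might.
SAMPLE_LOG = """\
1000 com.example.game c2.example.invalid
1012 com.example.browser news.example.org
1300 com.example.game c2.example.invalid
1345 com.example.browser cdn.example.org
1601 com.example.game c2.example.invalid
1650 com.example.browser news.example.org
2200 com.example.game c2.example.invalid
2499 com.example.game c2.example.invalid
2950 com.example.browser news.example.org
"""

def parse(log_text):
    """Group connection timestamps by (app, remote host)."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue  # skip malformed lines
        seen[(parts[1], parts[2])].append(int(parts[0]))
    return seen

def is_periodic(gap, period, tolerance):
    """True if gap is close to a whole multiple of period (allows missed attempts)."""
    remainder = gap % period
    return gap >= period - tolerance and min(remainder, period - remainder) <= tolerance

def find_beacons(log_text, period=300, tolerance=15, min_hits=4):
    """Return (app, host, median_gap) for flows repeating at ~period seconds."""
    findings = []
    for (app, host), times in sorted(parse(log_text).items()):
        times.sort()
        if len(times) < min_hits:
            continue  # too few contacts to call it a pattern
        gaps = [b - a for a, b in zip(times, times[1:])]
        if all(is_periodic(g, period, tolerance) for g in gaps):
            findings.append((app, host, median(gaps)))
    return findings

if __name__ == "__main__":
    for app, host, gap in find_beacons(SAMPLE_LOG):
        print(f"{app} -> {host}: regular contact every ~{gap}s")
```

A match is a lead for review rather than proof of infection, since legitimate apps also poll servers on fixed timers.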

"Geinimi's author(s) have raised the sophistication bar significantly over and above previously observed Android malware by employing techniques to obfuscate its activities. In addition to using an off-the-shelf bytecode obfuscator, significant chunks of command-and-control data are encrypted. While the techniques were easily identified and failed to thwart analysis, they did substantially increase the level of effort required to analyze the malware," Lookout said on Wednesday.

Lookout says the Geinimi Trojan has been found in versions of the games Monkey Jump 2, Sex Positions, President vs. Aliens, City Defense, and Baseball Superstars 2010, which are hosted on third-party app stores. The versions of these same games in Google's Android Market are safe to download.

Earlier this year, another Android Trojan disguised as a media player application reached widespread circulation. Unlike Geinimi, that particular Trojan sent SMS messages to premium numbers that incurred charges on the user's phone bill.